Re: [I2nsf] Service Layer Policies - Post 0: note structure
Linda Dunbar <linda.dunbar@huawei.com> Wed, 09 December 2015 23:54 UTC
Return-Path: <linda.dunbar@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 106171A1B43 for <i2nsf@ietfa.amsl.com>; Wed, 9 Dec 2015 15:54:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.611
X-Spam-Level:
X-Spam-Status: No, score=-3.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_24=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EH4ME9veWv33 for <i2nsf@ietfa.amsl.com>; Wed, 9 Dec 2015 15:54:52 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982F31A1B25 for <i2nsf@ietf.org>; Wed, 9 Dec 2015 15:54:51 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml404-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CFF80183; Wed, 09 Dec 2015 23:54:48 +0000 (GMT)
Received: from DFWEML703-CHM.china.huawei.com (10.193.5.130) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 9 Dec 2015 23:54:47 +0000
Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml703-chm ([10.193.5.130]) with mapi id 14.03.0235.001; Wed, 9 Dec 2015 15:54:44 -0800
From: Linda Dunbar <linda.dunbar@huawei.com>
To: Aldo Basile <cataldo.basile@polito.it>, DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
Thread-Topic: [I2nsf] Service Layer Policies - Post 0: note structure
Thread-Index: AQHRMIqyvnKSbbDaGE++ac31TX2i157ACZyggAFTqoCAAbVMAIAARXSA
Date: Wed, 09 Dec 2015 23:54:43 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657DAEE81@dfweml701-chm>
References: <CAJwYUrFofZHG+b5oPjsi8cMoJ9MjUnoHY5kcE_KW0NKxSrc2fA@mail.gmail.com> <4A95BA014132FF49AE685FAB4B9F17F657DADCA6@dfweml701-chm> <A56B1B45-FBAF-49DC-BB57-DBC035490C3C@telefonica.com> <566813CC.3090709@polito.it>
In-Reply-To: <566813CC.3090709@polito.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.76]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020206.5668BF48.017B, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: b2c9dfb86f3d59d2c6d5c327bc6378c2
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/o7dVXGsbuqewBrp0kdJ3doDBvFs>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, John Strassner <strazpdj@gmail.com>
Subject: Re: [I2nsf] Service Layer Policies - Post 0: note structure
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2015 23:54:55 -0000
Aldo, Thank you for the suggestion. Just want to add a note: I2NSF only deals with rule-set/policy for treating packets/flows traversing through NSF. Therefore, the I2NSF polices would be much simpler, which doesn't need to deal with network wide policies or user policies. Linda -----Original Message----- From: Aldo Basile [mailto:cataldo.basile@polito.it] Sent: Wednesday, December 09, 2015 5:43 AM To: DIEGO LOPEZ GARCIA; Linda Dunbar Cc: i2nsf@ietf.org; John Strassner Subject: Re: [I2nsf] Service Layer Policies - Post 0: note structure Dear all, I agree it is not worth considering the whole PCIM or PCIMe models and suggested implementations. They are too complex to implement and maintain and far from being perfect (John Strassner's Posts 0/1 are much more precise references to PCIM issues). However, I think PCIM/PCIMe are excellent starting points for the design of the an information model, thus they can be used for I2NSF as well. In my experience, all the policy-related concepts that one may need during such a design phase can be described by referring to PCIM/PCIMe-defined concepts (regardless of the way they are represented, classes, associations, association classes), concepts that PCIM/PCIMe miss, and concepts that are not correctly/optimally represented in PCIM/PCIMe. In the SECURED project (and before in the PoSecCo project), PCIM/PCIMe have been considered as starting point to design the information and data models (which are now similar but not equal), while the actual implementation of the repositories and management tasks have been completely detached from PCIM/PCIMe (we had indeed a bad experience in fully agreeing with PCIM during a previous POSITIF project). Therefore, it is probably worth considering the 'refinement' of the I2NSF requirements (which, to the best of my knowledge are presented here https://datatracker.ietf.org/wg/i2nsf/charter/, please correct me if I'm wrong) to a set of more formal/precisely defined requirements and probably also inputs from use cases. Only at that point it would be possible to precisely understand what we can reuse from existing (de facto) standards or models. Regards, Cataldo On 08/12/2015 10:37, DIEGO LOPEZ GARCIA wrote: > Hi, > > I support this. I think it is good to be aligned with common usage of > terms, unless there are very good reasons to do otherwise. > > Just for the record, we are collecting some of the (already mature) > results of the SECURED project policy efforts into a document we will > contribute anytime soon. I hope we will be well aligned with John's ideas. > > Be goode, > >> On 7 Dec 2015, at 22:25 , Linda Dunbar <linda.dunbar@huawei.com >> <mailto:linda.dunbar@huawei.com>> wrote: >> >> John, >> Thank you very much for structuring the discussion. This is very helpful. >> Maybe I am jumping ahead. For Post 5, the "object" currently used in >> I2NSF framework is same as the "Condition" in PCIM to describe the >> constraints. If no one disagree, I propose to align with PCIM, i.e. >> call it "Subject-Condition-Action-Function". >> Regards, >> Linda >> *From:*I2nsf [mailto:i2nsf-bounces@ietf.org]*On Behalf Of*John Strassner >> *Sent:*Sunday, December 06, 2015 7:00 PM >> *To:*i2nsf@ietf.org <mailto:i2nsf@ietf.org> >> *Subject:*[I2nsf] Service Layer Policies - Post 0: note structure >> The I2NSF framework draft mentions PCIM (RFC3060) and PCIMe (RFC3460) >> as possible candidates for guiding the policy structure that can be >> mapped to the Capability Layer's "Subject-Object-Action-Function" >> paradigm. >> During IETF94, I expressed discomfort with the above paradigm. >> However, this is a complex subject, and is more easily understood by >> breaking this up into smaller discussions. Here is the order of notes >> that I will post: >> Post 0: this post >> Post 1: problems in using PCIM >> Post 2: problems in using PCIMe >> Post 3: differentiating between groups and roles >> Post 4: differentiating between context, constraints, and conditions >> Post 5: specific worries about the >> "Subject-Object-Action-Function" paradigm >> Post 6: proposed replacement policy structure >> Posts 1 and 2 clarify the problems in using PCIM and PCIMe, >> respectively, which I volunteered to do. >> Posts 3 and 4 are fundamental to posts 5 and 6, as they represent >> software building blocks that are critical for designing and >> implementing Service Policies in a scalable and robust manner. These >> also expand on points in posts 1 and 2. >> Post 5 is the heart of the manner, but can't really be tackled until >> the preceding posts were done. Post 6 builds on the previous posts. >> regards, >> John >> -- >> regards, >> John >> _______________________________________________ >> I2nsf mailing list >> I2nsf@ietf.org <mailto:I2nsf@ietf.org> >> https://www.ietf.org/mailman/listinfo/i2nsf > > -- > "Esta vez no fallaremos, Doctor Infierno" > > Dr Diego R. Lopez > Telefonica I+D > http://people.tid.es/diego.lopez/ > > e-mail: diego.r.lopez@telefonica.com <mailto:diego.r.lopez@telefonica.com> > Tel: +34 913 129 041 > Mobile: +34 682 051 091 > ---------------------------------- > > > ------------------------------------------------------------------------ > > Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, > puede contener información privilegiada o confidencial y es para uso > exclusivo de la persona o entidad de destino. Si no es usted. el > destinatario indicado, queda notificado de que la lectura, utilización, > divulgación y/o copia sin autorización puede estar prohibida en virtud > de la legislación vigente. Si ha recibido este mensaje por error, le > rogamos que nos lo comunique inmediatamente por esta misma vía y proceda > a su destrucción. > > The information contained in this transmission is privileged and > confidential information intended only for the use of the individual or > entity named above. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this communication is strictly prohibited. If you have > received this transmission in error, do not read it. Please immediately > reply to the sender that you have received this communication in error > and then delete it. > > Esta mensagem e seus anexos se dirigem exclusivamente ao seu > destinatário, pode conter informação privilegiada ou confidencial e é > para uso exclusivo da pessoa ou entidade de destino. Se não é vossa > senhoria o destinatário indicado, fica notificado de que a leitura, > utilização, divulgação e/ou cópia sem autorização pode estar proibida em > virtude da legislação vigente. Se recebeu esta mensagem por erro, > rogamos-lhe que nos o comunique imediatamente por esta mesma via e > proceda a sua destruição > > > _______________________________________________ > I2nsf mailing list > I2nsf@ietf.org > https://www.ietf.org/mailman/listinfo/i2nsf >
- [I2nsf] Service Layer Policies - Post 0: note str… John Strassner
- Re: [I2nsf] Service Layer Policies - Post 0: note… Linda Dunbar
- Re: [I2nsf] Service Layer Policies - Post 0: note… John Strassner
- Re: [I2nsf] Service Layer Policies - Post 0: note… DIEGO LOPEZ GARCIA
- Re: [I2nsf] Service Layer Policies - Post 0: note… Aldo Basile
- Re: [I2nsf] Service Layer Policies - Post 0: note… Linda Dunbar
- Re: [I2nsf] Service Layer Policies - Post 0: note… John Strassner